🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2024-10938 | Medium | 6.5 |
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives …
|
— | Feb 27, 2026 |
| CVE-2026-27793 | Medium | 6.5 |
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the `G…
|
— | Feb 27, 2026 |
| CVE-2026-28354 | Medium | 6.5 |
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulne…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2026-27773 | Medium | 6.5 |
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
|
— | Feb 27, 2026 |
| CVE-2026-28271 | Medium | 6.5 |
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functional…
|
— | Feb 27, 2026 |
| CVE-2026-27754 | Medium | 6.5 |
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for sessio…
|
— | Feb 27, 2026 |
| CVE-2026-27753 | Medium | 6.5 |
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows re…
|
— | Feb 27, 2026 |
| CVE-2026-2362 | Medium | 6.4 |
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute…
|
— | Feb 27, 2026 |
| CVE-2026-2383 | Medium | 6.4 |
The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all ve…
|
— | Feb 27, 2026 |
| CVE-2026-27810 | Medium | 6.4 |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2025-14040 | Medium | 6.4 |
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via th…
|
— | Feb 27, 2026 |
| CVE-2025-14142 | Medium | 6.4 |
The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of t…
|
— | Feb 27, 2026 |
| CVE-2025-14149 | Medium | 6.4 |
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p…
|
— | Feb 27, 2026 |
| CVE-2026-3289 | Medium | 6.3 |
A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file Templ…
|
— | Feb 27, 2026 |
| CVE-2026-3286 | Medium | 6.3 |
A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save …
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2025-11950 | Medium | 6.3 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Adva…
|
— | Feb 27, 2026 |
| CVE-2026-3287 | Medium | 6.3 |
A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the…
|
— | Feb 27, 2026 |
| CVE-2025-13327 | Medium | 6.3 |
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or ins…
|
— | Feb 27, 2026 |
| CVE-2026-3292 | Medium | 6.3 |
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frph…
|
⚡ Exploit | Feb 27, 2026 |
| CVE-2026-27756 | Medium | 6.1 |
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the…
|
— | Feb 27, 2026 |